eyra / mono

Next platform repo
https://eyra.co
GNU Affero General Public License v3.0

Consider hard-coded URLs for Yoda storage #927

Closed TjerkNan closed 4 months ago

TjerkNan commented 4 months ago

Is your feature request related to a problem? Please describe.

People have to fill out the full HTTPS URL to connect to Yoda. I think it would be safer to have the user select an appropriate Yoda endpoint from a fixed list we maintain. If you enter the wrong URL, there could be a call (not sure) that basically transmits the credentials to an untrusted host. It's also easier for people and less error prone, thus fewer support requests.

@emielvdveen I've assigned this one to you just to read this and think about it. Feel free to assign this one to other people or remove your name.

Describe the solution you'd like

The server URL is selected from a drop-down list or something similar.

Describe alternatives you've considered

n/a

Additional context

n/a
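The check the request above is asking for, as an added example that is not part of the issue or of the eyra/mono code base: a user-supplied Yoda endpoint is accepted only if it is an https origin whose host is on a maintained allowlist, with exact host matching so that a typo or a look-alike domain (`yoda.example.org.evil.net`) is rejected instead of receiving the user's credentials. The two hostnames in the allowlist are constructed for this example; the project itself keeps no such list (see the maintainer's reply further down), so the same function would have to be fed whatever list an operator chooses to maintain.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example. The real project has no fixed set
# of Yoda hosts, so in practice this would come from deployment config.
ALLOWED_YODA_HOSTS = frozenset({
    "yoda.example.org",
    "data.example-university.nl",
})


class EndpointError(ValueError):
    """Raised when a user-supplied Yoda URL must not be used for login."""


def normalize_yoda_endpoint(raw: str, allowed_hosts=ALLOWED_YODA_HOSTS) -> str:
    """Return the canonical https origin for a Yoda endpoint, or raise EndpointError.

    Rejects everything that could make the client hand its credentials to a
    host the operator did not intend:
      * any scheme other than https (plain http would send credentials in clear);
      * userinfo embedded in the URL (credentials do not belong in the endpoint);
      * hosts not on the allowlist, matched exactly after lowercasing and
        stripping a trailing dot, so suffix or prefix look-alikes fail;
      * a non-numeric port;
      * any path, query or fragment, so the login call cannot be redirected
        by extra components pasted into the field.
    """
    parts = urlsplit(raw.strip())
    if parts.scheme != "https":  # urlsplit already lowercases the scheme
        raise EndpointError("scheme must be https")
    if parts.username is not None or parts.password is not None:
        raise EndpointError("credentials embedded in the URL are not allowed")

    host = (parts.hostname or "").rstrip(".")  # .hostname is lowercased
    if host not in allowed_hosts:
        raise EndpointError(f"unknown Yoda host: {host!r}")

    try:
        port = parts.port
    except ValueError as exc:
        raise EndpointError("port is not a valid number") from exc

    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise EndpointError("only the origin may be given, no path or query")

    if port is None or port == 443:
        return f"https://{host}"
    return f"https://{host}:{port}"


def is_allowed_yoda_endpoint(raw: str, allowed_hosts=ALLOWED_YODA_HOSTS) -> bool:
    """Boolean form of normalize_yoda_endpoint for callers that only need yes/no."""
    try:
        normalize_yoda_endpoint(raw, allowed_hosts)
    except EndpointError:
        return False
    return True


if __name__ == "__main__":
    # Constructed candidates: one good origin and the typical ways it goes wrong.
    candidates = [
        "https://yoda.example.org",
        "https://Yoda.Example.org:443/",
        "http://yoda.example.org",
        "https://yoda.example.org.evil.net",
        "https://alice:secret@yoda.example.org",
        "https://yoda.example.org/login?next=https://evil.net",
    ]
    for url in candidates:
        try:
            print(f"accept {url!r} -> {normalize_yoda_endpoint(url)}")
        except EndpointError as err:
            print(f"reject {url!r}: {err}")
```

Exact host matching is the point of the allowlist: a substring or suffix check would let `yoda.example.org.evil.net` or `evilyoda.example.org` through, which is precisely the credential-to-wrong-host case the request describes. The function returns a normalized origin so that two spellings of the same endpoint (upper case, explicit `:443`, trailing slash) map to one stored value.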

mellelieuwes commented 4 months ago

@TjerkNan This is the way it is for Yoda. There is no fixed set of URLs. Everybody can host a Yoda instance. The user gets invited on a specific Yoda server. Users are familiar with this way of logging in.

mellelieuwes commented 4 months ago

@TjerkNan Yoda integration is insecure by design at the moment. This is a risk that is known and taken for granted by its users. See this basecamp issue for more on having support for secure Yoda connection that is hosted at SURF: https://3.basecamp.com/5734045/buckets/35926565/card_tables/cards/7596660057

Note: please be aware that Yoda login has not been changed since the D3i project last year. The place where the login is done has been moved from Assignment CMS to Storage CMS.